Cybersecurity Saturday

From the cybersecurity policy front,

  • Federal News Network lets us know,
    • “Agencies that oversee critical infrastructure should address threats posed by China and work to establish baseline cybersecurity requirements over the next two years.
    • “That’s according to new guidance signed out by Homeland Security Secretary Alejandro Mayorkas on June 14. The document lays out priorities over the next two years for sector risk management agencies. SRMAs are responsible for overseeing the security of specific critical infrastructure sectors.
    • “From the banking system to the electric grid, from healthcare to our nation’s water systems and more, we depend on the reliable functioning of our critical infrastructure as a matter of national security, economic security, and public safety,” Mayorkas said in a statement. “The threats facing our critical infrastructure demand a whole of society response and the priorities set forth in this memo will guide that work.”
  • The Wall Street Journal adds,
    • “The U.S. government is pushing board directors at critical-infrastructure companies to improve cybersecurity oversight amid intense espionage and hacking campaigns from China and other adversaries.
    • “On Tuesday [June 18], the U.S. Secret Service, the Cybersecurity and Infrastructure Security Agency, the National Association of Corporate Directors, credit card giant Mastercard and venture-capital firm NightDragon delivered a one-day course to 16 such directors.
    • “The attending directors, all of whom serve in leadership roles such as chairing audit committees on the boards of critical-infrastructure companies, sat for instruction at the Secret Service’s Laurel, Md.-based training facility. The course isn’t a primer on cybersecurity basics, but practical education on current threats and oversight.
  • The Washington Post reports,
    • “The Biden administration announced Thursday [June 20] that it will ban Kaspersky Lab from distributing its anti-virus software and cybersecurity products in the United States, pointing to national security concerns related to the Russian company.
    • “Commerce Secretary Gina Raimondo told reporters the decision was made following an “extremely thorough investigation,” and that Kaspersky has “long raised national security concerns.” The United States in 2017 banned federal agencies [and contractors] from using those products. * * *
    • “The ban on Kaspersky products comes into full effect Sept. 29, according to a statement from the Commerce Department. Until then, Kaspersky will be allowed to continue providing some services in the United States, including certain updates, to give U.S. consumers and businesses time to find alternatives.
    • “Individuals or businesses that continue to use the products will not face legal penalties, the department said, but assume “all the cybersecurity and associated risks of doing so.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive informs us,
    • “At least 147,000 ASUS routers are potentially exposed to a critical vulnerability, which can allow a remote attacker to bypass authentication and gain login access, researchers at Censys said Thursday [June 20].
    • “ASUS issued a security advisory on June 14 recommending customers upgrade their firmware or apply mitigation steps if the upgrade was not possible.  
    • “The improper authentication vulnerability, listed as CVE-2024-3080, has a CVSS score of 9.8.”  
  • FEHBlog note — The Cybersecurity and Infrastructure Security Agency did not add new known exploited vulnerabilities to its catalog this week.
  • Cybersecurity Dive adds,
    • “Multifactor authentication appeared in almost half of all security incidents the Cisco Talos incident response teams encountered during the first quarter of the year, according to data released Tuesday.
    • “In 25% of cases, incident response specialists responded to fraudulent MFA push notifications sent by attackers, Cisco Talos found.
    • “Users did not properly implement MFA in 1 in 5 Cisco Talos engagements, the firm said.”
  • Health IT Security tells us
    • “UnitedHealth Group (UHG) has begun notifying affected entities of the Change Healthcare data breach and will begin mailing breach notifications to individual cyberattack victims in late July, the company stated in a June 20 media notice.
    • “Change said it has completed a review of over 90% of impacted files and continues to see no evidence that full medical histories were exfiltrated from its systems during the cyberattack. Change explained that it only recently obtained a dataset that was safe to analyze, as its own systems were difficult to access during recovery.
    • “Even though the data review is not yet complete, Change has begun notifying the customers it has identified as impacted as of June 20 so they can proactively respond. * * *
    • “Change Healthcare’s latest update further confirmed that the company will make HIPAA and state attorney general notifications on behalf of victim entities unless those entities decide to opt out and handle the notifications themselves.
    • “The affected information varied by individual but may have included contact information, health insurance information, billing and claims information, medical record numbers, diagnoses, test results, Social Security numbers, and other personal information.
    • “Change offered two years of complimentary credit monitoring and identity theft protection services to victims and said that it reinforced its security and privacy policies in light of the incident.

From the ransomware front,

  • NPR reflects on the ransomware attack on Ascension Health.
  • CISO Series adds,
    • “As many as 10 companies are facing ransom payments between $300,000 and $5 million following a breach against cloud-based data analytics firm Snowflake earlier this month. According to Mandiant, who has helped lead Snowflake’s case, the hacking scheme has “entered a new stage” as the ransom demands flow in, as well as death threats against the cybersecurity experts investigating the breach. The hackers gained access to the information by targeting Snowflake users using single-factor authentication techniques. Mandiant has said it anticipates the ransomware group to “continue to attempt to extort victims.”
  • The American Hospital Association News tells us,
    • “The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) this week released an advisory about Qilin, formerly “Agenda,” a ransomware-as-a-service group targeting health care and other industries worldwide. The group was observed recruiting affiliates in late 2023, and has variants written in Golang and Rust, HC3 said. Qilin is known to gain initial access through spear phishing, as well as leveraging remote monitoring and management and other common tools in cyberattacks. The group is also known to practice double extortion. HC3 said the group’s targeting appears to be opportunistic rather than targeted.” 
  • Per Cybersecurity Dive,
    • “Crime is paying less often for threat actors as improved corporate security measures — and dramatically higher ransom demands — sway more companies to reject extortion payments for seized data.
    • “Less than a quarter of 1,800 companies that submitted cyber claims to Marsh, or 23%, paid ransom demands last year, despite a 64% jump in extortion events from 2022 to a record 282, the insurance broker and risk advisor said in a June 11 report. 
    • “In 2021, Marsh noted, 63% of its clients paid an extortion demand to protect data.
    • “Companies, especially larger ones, are “just more resilient than they were three, four, five years ago,” Meredith Schnur, managing director of Marsh’s U.S. and Canada cyber practice, told Legal Dive.”
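Two of the items above turn on the same control: Talos saw attackers spam fraudulent MFA push prompts until a user approved one, and the Snowflake intrusions went through accounts that logged in with a single factor. The script below is an added example written for this post, not code from Talos, Mandiant or Snowflake, showing the two checks a defender would run over an authentication log. The key=value log format, the user names, the IP addresses and the 3-pushes-in-5-minutes threshold are all constructed for the illustration; map them onto whatever your identity provider actually emits.

```python
"""Two authentication-log checks: MFA push fatigue and single-factor logins.

Added example for this post. The log format and every record in SAMPLE_LOG
are constructed; they are not taken from any real product or incident.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. One line per auth event; "second=none" on a
# login_success line means the session was opened without a second factor.
SAMPLE_LOG = """\
ts=2024-06-18T02:14:01Z user=alice event=push_sent ip=203.0.113.9
ts=2024-06-18T02:14:20Z user=alice event=push_denied ip=203.0.113.9
ts=2024-06-18T02:14:35Z user=alice event=push_sent ip=203.0.113.9
ts=2024-06-18T02:14:50Z user=alice event=push_sent ip=203.0.113.9
ts=2024-06-18T02:15:10Z user=alice event=push_sent ip=203.0.113.9
ts=2024-06-18T02:15:31Z user=alice event=push_approved ip=203.0.113.9
ts=2024-06-18T02:15:32Z user=alice event=login_success first=password second=push ip=203.0.113.9
ts=2024-06-18T08:02:11Z user=bob event=push_sent ip=198.51.100.4
ts=2024-06-18T08:02:25Z user=bob event=push_approved ip=198.51.100.4
ts=2024-06-18T08:02:26Z user=bob event=login_success first=password second=push ip=198.51.100.4
ts=2024-06-18T09:41:07Z user=svc_etl event=login_success first=password second=none ip=192.0.2.77
ts=2024-06-18T09:45:00Z user=carol event=login_success first=password second=none ip=192.0.2.78
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_log(text):
    """Turn key=value lines into dicts, with ts parsed, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(KV.findall(line))
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def push_fatigue_alerts(events, window=timedelta(minutes=5), threshold=3):
    """Flag an approval that follows >= threshold push challenges within window.

    A legitimate login needs one push. A burst of challenges that ends in an
    approval is the push-bombing pattern: the attacker already has the password
    and keeps prompting until the user taps "approve" to make it stop.
    """
    recent = defaultdict(deque)  # user -> timestamps of push_sent inside window
    alerts = []
    for ev in events:
        user, q = ev["user"], recent[ev["user"]]
        while q and ev["ts"] - q[0] > window:  # drop challenges older than window
            q.popleft()
        if ev["event"] == "push_sent":
            q.append(ev["ts"])
        elif ev["event"] == "push_approved":
            if len(q) >= threshold:
                alerts.append({"user": user, "pushes": len(q),
                               "approved_at": ev["ts"], "ip": ev.get("ip")})
            q.clear()  # the approval closes this challenge sequence
    return alerts


def single_factor_logins(events):
    """Successful logins that presented no second factor: (user, ip) pairs."""
    return [(ev["user"], ev.get("ip")) for ev in events
            if ev["event"] == "login_success" and ev.get("second", "none") == "none"]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for a in push_fatigue_alerts(evs):
        print(f"PUSH-FATIGUE user={a['user']} pushes={a['pushes']} "
              f"approved_at={a['approved_at']:%H:%M:%S} ip={a['ip']}")
    for user, ip in single_factor_logins(evs):
        print(f"SINGLE-FACTOR user={user} ip={ip}")
```

Run against the sample, the first check reports alice (four prompts in about a minute before the approval) and stays quiet on bob's single prompt; the second lists svc_etl and carol. The single-factor list is the inventory to work through first, since a service account that cannot do a push is exactly the kind of account the Snowflake item describes; the push-fatigue rule is the one to wire into alerting, with number matching or a rate limit on prompts as the preventive fix.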

From the cybersecurity defenses front,

  • Dark Reading explains why multi-factor authentication is not enough while Tech Radar points out why we need a password-less world.
  • Tech Target gives advice on how to write a useful cybersecurity incident report.
  • Here’s a link to this week’s CISO Corner in Dark Reading.